Safe OpenSig is a mobile app for Safe multisig signers. It eliminates blind signing by showing you exactly what a transaction will do before you sign it on your hardware wallet.
The problem: When signing Safe transactions, you're often trusting a web interface to show you the truth. But browser extensions, phishing sites, or compromised frontends can manipulate what you see.
The solution: Safe OpenSig reconstructs the transaction locally on your device, simulates it, and shows you the real outcome: balance changes, permission changes, everything. Then you confirm that what your Ledger displays for signing matches the transaction you just verified.
- Transaction Simulation: See exactly what will happen before signing: token transfers, balance changes, and permission modifications
- Ledger Hardware Wallet Support: Visual preview of what your Ledger Nano S/S+ will display, so you can verify character-by-character
- Multi-Chain Support: Works with Ethereum, Polygon, Optimism, Base, Arbitrum, Gnosis, and 10+ other networks
- Local Simulation: Transaction decoding and EVM execution happen entirely on your device, with state fetched from RPC nodes
- Trust-Minimized Verification: State is verified using Merkle proofs from multiple independent nodes
- Import or paste your Safe transaction data
- Simulate the transaction locally using an embedded EVM
- Review the decoded results: balance changes, approvals, and state modifications
- Verify hashes match between the simulation and your hardware wallet
- Sign with confidence knowing exactly what you're approving
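As an added illustration of the "review the decoded results" step (this is example code, not code from the Safe OpenSig project), the following Python decodes the inner call of a Safe transaction for two ERC-20 selectors and flags an unlimited approval; the selector table, the argument names and the sample calldata are constructed for this example, and any selector not in the table is shown raw rather than guessed.

```python
from dataclasses import dataclass, field

UINT256_MAX = (1 << 256) - 1
# 4-byte function selectors (first 4 bytes of keccak256 of the signature).
# Only two ERC-20 functions are known here; anything else is reported raw.
SELECTORS = {
    "095ea7b3": ("approve", (("spender", "address"), ("amount", "uint256"))),
    "a9059cbb": ("transfer", (("to", "address"), ("amount", "uint256"))),
}

@dataclass
class DecodedCall:
    function: str
    args: dict = field(default_factory=dict)
    warnings: list = field(default_factory=list)

def decode_call(calldata_hex: str) -> DecodedCall:
    """Decode ABI-encoded calldata for the selectors listed in SELECTORS."""
    data = bytes.fromhex(calldata_hex.removeprefix("0x"))
    if len(data) < 4:
        raise ValueError("calldata shorter than a 4-byte selector")
    selector = data[:4].hex()
    if selector not in SELECTORS:
        # Never guess: an unknown function is surfaced raw for manual review.
        return DecodedCall("unknown:0x" + selector,
                           warnings=["unrecognised selector; review raw calldata"])
    name, params = SELECTORS[selector]
    # Static types only: length must be exactly 4 + 32 bytes per argument.
    # Trailing bytes are ignored by the EVM, so reject them instead of trusting.
    expected = 4 + 32 * len(params)
    if len(data) != expected:
        raise ValueError(f"{name}: expected {expected} bytes, got {len(data)}")
    call = DecodedCall(name)
    for i, (pname, ptype) in enumerate(params):
        word = data[4 + 32 * i: 36 + 32 * i]
        if ptype == "address":
            if any(word[:12]):
                raise ValueError(f"{pname}: non-zero padding in address word")
            call.args[pname] = "0x" + word[12:].hex()
        else:
            call.args[pname] = int.from_bytes(word, "big")
    if name == "approve" and call.args["amount"] == UINT256_MAX:
        call.warnings.append("unlimited approval: spender can move the full balance")
    return call

if __name__ == "__main__":
    # Constructed sample: approve(spender=0xdead...beef, amount=2**256-1)
    sample = "0x095ea7b3" + "0" * 24 + "deadbeef" * 5 + "f" * 64
    print(decode_call(sample))
```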
Safe OpenSig is privacy-first. Analytics are opt-in and off by default. When enabled, the app sends a small set of anonymous behavioural events: no wallet addresses, no transaction hashes, no calldata, no amounts, no RPC URLs. Every event is documented in docs/analytics.md. You can self-host the analytics backend; see that doc. To build without analytics entirely, leave APTABASE_APP_KEY blank in your .env.
- FVM (Flutter Version Management)
- Flutter 3.32.4 (managed by FVM)
```bash
# Clone the repository
git clone https://github.com/candidelabs/safe-opensig.git
cd safe-opensig

# Install dependencies
fvm flutter pub get

# Create .env file with RPC endpoints (see .env.example)

# Run the app
fvm flutter run
```

Create a .env file with RPC node URLs for the networks you want to support. The app uses multiple nodes per network for trust-minimized state verification.
Safe OpenSig operates on a three-pillar verification model:
| Pillar | Description |
|---|---|
| Local REVM Simulation | Runs a Rust EVM directly on-device to decode transaction logic and preview state changes |
| Cryptographic Verification | Validates blockchain state using Merkle Patricia Trie proofs (eth_getProof) from multiple independent nodes |
| Hardware Emulation | Provides a 1:1 preview of Ledger screens for character-by-character verification before signing |
For technical details on the trust-minimized verification approach, see our research post on ethresear.ch.
- Framework: Flutter 3.32.4 (cross-platform mobile)
- State Management: Riverpod
- Storage: Hive (local-first, no cloud sync)
- EVM: REVM via Rust FFI
- Navigation: GoRouter
```
lib/
├── core/                        # Core infrastructure
│   ├── router/                  # Navigation and routing
│   ├── storage/                 # Local persistence
│   └── theme/                   # App theming
├── features/                    # Feature modules
│   ├── account_management/      # Safe account operations
│   ├── onboarding/              # First-run experience
│   └── verify_safe_transaction/ # Transaction verification flow
├── shared/                      # Shared utilities
│   ├── models/                  # Domain models
│   ├── widgets/                 # Reusable UI components
│   └── services/                # Business logic
└── main.dart
```
We welcome contributions! Please follow these guidelines:
- Fork the repository
- Create a feature branch from `develop`: `git checkout -b feature/your-feature`
- Make your changes
- Run `fvm dart format .` and `fvm flutter analyze`
- Submit a pull request to `develop`
| Branch | Purpose |
|---|---|
| main | Production releases |
| develop | Integration branch for PRs |
| feature/* | New features |
| fix/* | Bug fixes |
| hotfix/* | Critical production fixes |
Safe OpenSig is designed with security as the primary concern:
- Minimal network requests: Only connects to RPC nodes for state verification
- No external dependencies for transaction decoding
- Open source for full auditability
If you discover a security vulnerability, please report it responsibly.
